Web MVC and WebFlux look up by name the Locale(Context)Resolver beans
that they use. Previously, the auto-configured resolvers for MVC and
WebFlux would back off when any bean of the required type was defined,
irrespective of its name. If the name of the user's bean didn't match
the name used by MVC and WebFlux to find the custom resolver, the
custom resolver would be ignored and MVC and WebFlux would use their
defaults. There was no indication of this happening in the condition
evaluation report as all it would show is that the auto-configured
resolver had backed off in favour of the custom resolver. It wouldn't
show anything to explain why the custom resolver had not been used.
This commit updates the auto-configured resolvers to be conditional
on a missing bean of the name required by MVC and WebFlux. If the
user then defines a custom resolver with a different name, the
condition evaluation report will show that the auto-configured
resolver remained as the bean name didn't match.
Fixes gh-24209
Prior to this commit, packaging a Spring Boot application as a container
image with Cloud Native Buildpacks could result in unwanted browser
caching behavior, with "Last-Modified" HTTP response headers pointing to
dates in the far past.
This is due to CNB resetting the last-modified date metadata for static
files (for build reproducibility and container layer caching) and Spring
static resource handling relying on that information when serving static
resources.
This commit introduces a new configuration property
`spring.web.resources.cache.use-last-modified` that can be used to
disable this behavior in Spring if the application is meant to run as a
container image built by CNB.
The default value for this property remains `true` since this remains
the default value in Spring Framework and using that information in
other deployment models is a perfectly valid use case.
Fixes gh-24099
Previously, Quartz could be configured with a specific DataSource
using `@QuartzDataSource` but it was not possible to configure a
Quartz-specific transaction manager. This could result in the
different DataSources being used by Quartz itself and Quart'z
DataSourceTransactionManager.
This commit introduces a new qualifier, `@QuartzTransactionManager`,
that can be used to avoid the above-described problem. Any
`@QuartzTransactionManager`-annotated bean will be used by the
Quartz auto-configure configuration instead of the application's main
`TransactionManager`. If no such qualified bean is present, the
application's main TransactionManager, if any, will be used as before.
Fixes gh-20184
When running on Java 11 (where `@PostConstruct` is no longer part of
the JRE) and without a dependency on jakarta-annotation-api,
`@PostContruct` annotions are silently dropped. This leads to obscure and
hard-to-track down changes in the behaviour of our auto-configuration
as the `@PostConstruct`-annotated methods are not invoked.
To allow users to run on Java 11 without having jakarta-annotation-api
on the classpath, this commit removes use of `@PostConstruct` from main
code. A Checkstyle rule has also been added to prevent its usage in
main code from being reintroduced.
Closes gh-23723
Exclude `@ConfigurationProperties` beans from method validation so
that `@Validated` can be used on final classes without the method
validation post-processor throwing an exception.
This commit introduces a `FilteredMethodValidationPostProcessor` class
which will use `MethodValidationExcludeFilters` to exclude beans from
method validation processing. Using `@EnableConfigurationProperties`
will automatically register an appropriate filter.
Closes gh-21454
Previously, the locale context resolver used with WebFlux could only be
configured by provided a custom LocaleContextResolver bean. By
constrast, when using Spring MVC, the spring.mvc.locale and
spring.mvc.locale-resolver properties could be used to configure the
locale and the resolver (fixed or Accept header) respectively.
This commit introduces spring.web.locale and spring.web.locale-resolver
properties and deprecates their spring.mvc equivalents. The new
properties can be used to configure locale resolution with either
Spring MVC or WebFlux.
Closes gh-23449
Add a dedicate condition annotation to detect when Spring Security is
available but has not been configured by the user. The new annotation
helps simplify quite a few of our auto-configuration classes.
See gh-23421
Replace `WebSecurityConfigurer` and `WebSecurityConfigurerAdapter`
configurations with `WebSecurityCustomizer` or `SecurityFilterChain`
beans.
Closes gh-23421
Previously, @WebListeners were discovered via custom component scanning
and then registered programmatically via the ServletContext. The servlet
spec requires any ServletContextListener registered in this manner to be
prohibited from programatically configuring servlets, filters, and
listeners. This left us not strictly complying with the servlet spec
as a ServletContextListener registered via a @WebListener annotation
should be able to programatically configure other components.
This commit updates WebListenerHandler to register each @WebListener
component directly with Jetty, Tomcat, or Undertow rather than via the
ServletContext API. This ensure that any @WebListener-annoated
ServletContextListener registered via servlet component scanning is
able to programatically register servlets, filters, and listeners.
There is a small chance that this will be a breaking change for some
users:
1. The ServletListenerRegistrationBeans that were previously defined
for each @WebListener will now be
WebListenerHandler.WebListenerRegistrars
2. Each @WebListener-annotated class will now be instantiated by
Jetty, Tomcat, or Undertow. Jetty and Tomcat both require the class
to be public and have a public default constructor. Previously,
a package-private class or default constructor could be used as the
instantiation was performed by Spring Framework. Undertow is not
affected as it can instantiate a package-private type.
Fixes gh-18303
This commit fixes the auto-configuration of Spring Session to use
"server.servlet.session.timeout" as a fallback for Servlet-based web
applications only.
Closes gh-23752
Prior to this commit, the `StaticResourceLocation` for favicons would
point to `"/**/favicon.ico"`. This location does not reflect the current
web development landscape, since the png format and size variants are
not supported here. Also, the `"**"` pattern can be costly at runtime
and is deprecated by the new path pattern support in Spring Framework
(see gh-22833).
This commit changes the default locations to `"/favicon.*","/*/icon-*"`,
supporting common use cases such as `"/favicon.ico"`, `"/favicon.png"`
and `"/icons/icon-48x48.png"`.
Closes gh-23126
This commit adds support for Redis cache metrics. Users can opt-in for
statistics using the "spring.cache.redis.enable-statistics" property.
Closes gh-22701
Spring 5.3 introduced the JdbcTransactionManager with exception
translation on commit and rollback. This commit updates the
auto-configuration to use this implementation rather than
DataSourceTransactionManager.
See gh-23672
Constructor calls like new AtomicInteger(0) cause a volatile write that
can be saved in cases where the constructor parameter is the default
value.
See gh-23575
Previously, the default servlet was registered automatically when using
embedded Jetty, Tomcat, or Undertow. However, it is not used by the
majority of applications where Spring MVC's DispatcherServlet will be
the only servlet that's needed. As such configuring the default servlet
was wasting CPU and memory.
This commit changes the default for registering the default servlet to
false. It can be re-enabled by setting
server.servlet.register-default-servlet=true.
Closes gh-22915
Previously, spring.flyway.init-sqls was only applied to Flyway's
configuration if Flyway was being configured to create the DataSource.
If Flyway was being configured to use an existing DataSource, init-sqls
was not applied. This is a hangover from when the init SQLs support was
introduced. At that time, Flyway only supported SQL to initialize the
connection when it was creating the DataSource. Flyway 5.2 added init
SQL support no matter how Flyway's DataSource was configured.
This commit updates FlywayAutoConfiguration to always apply the
init-sqls property to Flyway's configuration. The property's
documentation does not describe the current limitation so this change
should align the behaviour with what the documentation leads people to
expect.
Fixes gh-23392
Remove casting "timestamp" to `java.util.Date` in
`ErrorMvcAutoConfiguration` as the cast is not necessary and it
prevents other types (e.g. `java.time`) from being used.
See gh-23256
Previous to this commit the connection idle timeout and heartbeat
interval were mapped to seconds whereas Cassandra expects ms for all
duration types.
This commit fixes the mapping and removes the default duration unit
since it should be considered ms like every other duration properties.
Closes gh-23249
The commit also includes an upgrade to Nimbus JOSE JWT 9.0. Spring
Security requires 9.0 and it is not backwards compatible with 8.19.
Closes gh-23225
Closes gh-23242
This commit deprecates the
`"spring.resources.chain.html-application-cache"` configuration property
and its support, since the feature has been deprecated in Spring
Framework.
The app-cache manifest feature is being removed from browsers in favor
of web workers.
Closes gh-23228
ReactiveDataAccessStrategy has been deprecated in Spring Data R2BC in
favor of R2dbcConverter (and StatementMapper and UpdateMapper). When
not using Boot, an R2dbcConverter bean is now defined by
AbstractR2dbcConfiguration. This commit updates
R2dbcDataAutoConfiguration to replace the definition of a
ReactiveDataAccessStrategy bean with the definition of an
R2dbcConverter bean.
See gh-23197
Prior to this commit, Spring Boot would auto-configure both
Elasticsearch variants: `RestClient` ("Low Level" client) and
`RestHighLevelClient` ("High Level" client).
Since one can be derived from the other, this would create complex and
unclear situations depending on what developers provided with their
configuration.
`RestHighLevelClient` is mostly for actual use of the Elasticsearch API,
with support for specific methods and (de)serialization. On the other
hand, `RestClient` is merely wrapping the Apache HTTP client for
load-balancing support and low level HTTP features.
This commit completely removes the support for `RestClient` in Spring
Boot and now requires the presence of the
`org.elasticsearch.client:elasticsearch-rest-high-level-client`
dependency for REST client support with Elasticsearch.
Closes gh-22358
This commit adds a protected method that lets an override customize the
configuration of the ClassPathScanningCandidateComponentProvider used
to scan entities.
Closes gh-23154
Previous to this commit, an auto-configuration would create a
PlatformTransactionManager if none is present and others conditions are
met. Spring Framework now has the notion of TransactionManager, a parent
interface that gathers both PlatformTransactionManager and
ReactiveTransactionManager.
Spring Boot should not be in a situation where both managers are defined
out-of-the-box. This commit makes sure to back-off if any
TransactionManager is available.
Closes gh-22851
Previously to this commit, a project that has several classpath
locations matching the template path may lead to some of those
locations to be ignored if one of them is a directory. This can easily
happen if you run your tests in your IDE.
This commit changes the default of "preferFileSystemAccess" to
false so that the complete classpath is always considered.
Closes gh-23051
Prior to this commit, values from MongoProperties would always
overwrite matching fields in MongoClientSettings. This commit
preserves all values in MongoClientSettings if the client app
provides the MongoClientSettings bean, and only overwrites from
MongoProperties if no MongoClientSettings bean is provided.
Fixes gh-22321
The current arrangement with Neo4j does not allow us to know for sure
that the user intends to use `@Transactional` for reactive or imperative
operations.
The main reason for that is that the only trigger for the reactive
auto-configuration is the presence of reactor on the classpath given
that the Neo4j driver ships with both styles in the same jar. And
reactor can be on the classpath for a number of reasons that are
unrelated to imperative access (typically `WebClient`).
This commits removes the auto-configuration of the
ReactiveNeo4jAutoConfiguration and makes sure that if the user defines
one, the regular `PlatformTransactionManager` backs off. This is
a temporarily situation until we can provide a better signal that the
user intends to primarily use imperative repositories.
Closes gh-22940
This commit switches the deprecation level of several properties in the
spring.data.neo4j namespace from error and warning. The server URI and
basic authentication can be used in a deprecated fashion to configure
the new neo4j driver.
Closes gh-22653
Update `SharedMetadataReaderFactoryContextInitializer` to optionally
support a `ConfigurationClassPostProcessor` provided via an instance
`Supplier`.
If the instance supplier is available then we can use that to set the
`MetadataReaderFactory` non-reflectively, instead of using a
`PropertyValue` (and the `BeanWrapper` eventually).
The previous behavior is left as a fallback and without a change in
Spring Framework will continue to be the default for most applications.
See gh-22858
With the upgrade to the new Couchbase SDK and the related changes in
Spring Data Couchbase, CacheManagerCustomizer can no longer be used to
customize the Couchbase cache manager as it is an immutable class.
This commit introduces a dedicated callback for the
CouchbaseCacheManagerBuilder that is used by the auto-configuration and
update the documentation to refer to it with a sample usage.
Closes gh-22573
Previously, UrlPathHelper's full path optimization was enabled when
there was a dispatcher servlet mapped to /. The UrlPathHelper is used
across Spring MVC and if there are multiple dispatcher servlets they
all share the sample UrlPathHelper. This meant that any additional
dispatcher servlets mapping to locations other than / would not be able
to map requests correctly as the UrlPathHelper would use the full path,
ignoring the url mapping of the dispatcher servlet.
This commit updates the MVC auto-configuration so that use of the full
path is only enabled if there's a single dispatcher servlet
registration.
Fixes gh-22682
This commit removes usage of methods and classes that were previously
deprecated in RSocket and Spring Framework and have been removed.
Closes gh-22764
This commit adapts the auto-configuration for the new core r2dbc support
in Spring Framework and provides auto-configuration for
R2dbcEntityOperations.
Closes gh-22708
This commit adds the support for creating a managed instance of the
Neo4j Java driver. The low-level support for Neo4j is helpful in
situations where the high-level abstraction of Spring Data Neo4j is not
needed.
See gh-22301
Previously, background pre-init was started in response to the
application starting event. This meant that it would be running while
the logging turbo filter was in place and was rejecting all logging.
As a result, any logging performed during pre-init would be lost.
This commit changes background pre-init so that it is now started
in response to the application environment prepared event. By this
point, the logging turbo filter has been removed as the logging levels
have been configured from the environment.
Closes gh-21897
Previously, only UndertowOptions was used as the source of options for
both server and socket options, but it only contains server options.
As a result, attempting to configure any socket options defined by
XNIO's Options class would fail.
This commit updates the property-based configuration of options to use
UndertowOptions as the source for server options and XNIO's Options as
the source for socket options.
Fixes gh-22502
This commit fixes the auto-configuration of the Couchbase caching
support by configuring the cache once Spring Data Couchbase has gotten
a chance to be processed.
Closes gh-22542
BackgroundPreinitializer is not relevant in native images so it is
better to ignore it automatically in order to reduce the footprint
in such environment.
See gh-22392